Privacy Policy - Customers

This Privacy Policy shall become effective as of 25 May 2018. To see the Privacy Policy in effect up to that date, please click here.

We must advise that this policy is subject to change, so please check our website on a regular basis for any further changes.

At Road Tech, we understand that we have a responsibility to protect and respect your privacy and look after your personal data. This Privacy Policy explains what personal data we collect, how we use your personal data, reasons we may need to disclose your personal data to others and how we store your personal data securely.

For clarity, in the context of this document Road Tech is a data controller.

The data subject for this document is the transport operation that is buying products or services from Road Tech Computer Systems Ltd. The transport operation is the data controller for any information on third parties they enter using the software or services they purchase.

We accept that contact details and contracts will contain personal details of employees of customer organisations, and that they therefore fall within the GDPR, as a natural person can be identified from the email address provided.

Data is collected during the following broad outlined activities:

1. Advertising, marketing and Public Relations

Contact details provided by companies that express an interest in purchasing products or services from us.

In most cases the data source will be someone working for the company, in the form of

A business card

Completing one of our web enquiry forms

Phone call

Email

Written request for information

If you do not wish to receive any further information, you have the right to unsubscribe from future marketing.

2. Accounts and Records

As with any business, we are legally obliged to keep records of what you have purchased, and accounting information.

3. Web services and Cloud Services

Where a customer signs up for one of our cloud services, we collect some information about them. As a minimum this must include a valid email address. The email address is used to return the authentication credentials to access your subscription details, and the administration pages for the services you have subscribed to.

It will also be used to provide some help and getting started information.

The customer may subscribe to receive various notifications about:

product updates

new products

planned maintenance

Data Protection law

Data protection law is changing and this document is being updated to reflect these changes.

The EU General Data Protection Regulation (GDPR) was passed in the European Parliament in 2016 and will come into effect on May 25th 2018.

For the purposes of the GDPR we are a small company with fewer than 250 employees.

We do not fall within the groups listed in Article 37.1 of the GDPR and therefore will not be appointing a DPO at this time.

Rationale: Road Tech Computer Systems Ltd is not a public authority so 37.1a does not match. Our core activity is selling software solutions to the transport industry. Population of EU as of January 2017 was 512 million.

Customers and transport organizations who have expressed an interest amount to approximately 25,000. Ignoring the fact that we trade on a business-to-business basis, and assuming that all had provided details of a natural person, this would amount to less than 0.005% of the EU population. This therefore does not meet the “large scale” item in 37.1b or 37.1c.

We do not engage in the regular or systematic monitoring of customers (Article 37.1b), or of their criminal activity (Article 37.1c).

The transport operations that are our customers use us as a data processor to process event data on their drivers. In aggregate, as of January 2017, this amounts to data on 110,000 drivers. Presuming no duplicates, this represents 0.023% of European population. This may grow significantly and therefore will need to be reviewed.

How the law protects you

Data protection laws state that we are only able to process personal data if we have valid reasons to do so. The basis for processing your personal data includes, but is not limited to, your consent, performance of a contract, to enable billing and remittance, and to contact you for customer service purposes.

How do we collect personal data from you?

We receive information about you from you when you use our website, complete forms on our website, or contact us by phone, email or otherwise in respect of any of our products and services, or during the purchasing of any such product. We also collect information from you when you sign up or when you inform us of any other matter. Your personal data may be automatically collected when you use our services, including but not limited to your IP address, device-specific information, server logs, device event information and location information.

What type of data do we collect from you?

The personal data that we may collect from you includes your name, address, email address, phone numbers, payment information and IP addresses. We may also keep details of your visits to our website including, but not limited to traffic data, location data and other communication data. We also retain records of your queries and correspondence, in the event you contact us.

We will also collect your name when you attend a training course or meeting here at Shenley; this will be entered into our visitors' book for registration of attendees and visitors' passes.

How do we use your data?

We use information about you in the following ways:

Purpose/Activity: Sign Up (Registration as a customer)

Type of data:

Identity of organisation

Contact Details

Marketing and Communications Preferences

Technical

Lawful basis:

Performance of a contract with you,
Legitimate interest.

Purpose/Activity: To process your service order including:

Sales Order Processing

Accounting of payments and charges

Send Invoices and other accounting documents

Type of data:

Identity of organisation

Contact Details

Financial Details

Transaction

Lawful basis:

Performance of a contract with you,
Legitimate interest.

Purpose/Activity: To provide product and service communication, which will include:

Giving help and guidance to you as a new user

Notify you of service/product updates and changes

Type of data:

Identity of organisation

Contact Details

Marketing and Communications Preferences

Lawful basis:

Performance of a contract with you,
Legitimate interest.

Purpose/Activity: To carry out necessary maintenance and support in the interest of good customer service

Type of data:

Identity of organisation

Contact Details

Technical Details of support query

Lawful basis:

Legitimate interest.

Purpose/Activity: To provide details of product enhancements, changes and tips for getting the best out of the system and maximising the benefits. You may opt out at any time.

Type of data:

Identity of organisation

Contact Details

Technical

Lawful basis:

Legitimate interest.

Purpose/Activity: For security purposes we will also collect your name when you attend a training course or meeting here at Shenley; this will be entered into our visitors' book for registration of attendees and visitors' passes

Type of data:

Name

Contact Details

Lawful basis:

Legitimate interest.

Retention periods

We will keep your personal data for the duration of the period you are a customer of Road Tech. We shall retain your data only for as long as necessary in accordance with applicable laws. We may keep your data for up to 7 years from the point at which you cease using our products or services. We may not be able to delete your data before this time due to our legal and/or accountancy obligations. We assure you that your personal data shall only be used for the purposes stated herein.

Your rights

You have the right to object to our use of your personal data, or ask us to delete, remove or stop using it if there is no need for us to keep it. This is known as your right to be forgotten.

There may be legal or contractual reasons why we need to keep your data for a period, but please do inform us if you think we are retaining or using your personal data incorrectly.

Where practical our Privacy Policy shall be made clear to you at the point of collection of your personal data.

You can view, edit or delete your personal data through the Road Tech online services.

You have the right to ask us not to process your personal data for marketing purposes.

We will not contact you for marketing purposes unless you have given us your prior consent. You can change your marketing preferences at any time within your service settings or by contacting us.

Accessing and updating your data

You have the right to access the information we hold about you and to have any errors or omissions corrected. Please email your requests to crm@roadtech.co.uk so that we can obtain this information for you.

Use of cookies

Our websites may use "cookies" to enhance the user experience. A user's web browser places cookies on their hard drive for record-keeping purposes and sometimes to track information about them. Users may choose to set their web browser to refuse cookies, or to alert them when cookies are being sent. If they do so, note that some parts of the website may not function properly.

Links to other sites

Road Tech may provide links to third party sites. Since we do not control those websites, we encourage you to review the privacy policies of these third party sites. Any information that is supplied on these sites will not be within our control and we cannot be responsible for the privacy policies and practices of these sites.

Data that is shared with 3rd Parties

We may use your contact details in order to communicate with you via a third party such as Mailchimp, but when we do we make sure they do not use your data for any other purpose than is stipulated. Their policy can be found here: https://mailchimp.com/legal/privacy/#members

Data is also shared with HMRC, DVLA, lawyers, auditors and other authorities who are processors or joint controllers and who require access to, or reporting of, processing activities in certain circumstances.

We also use third-party maintenance companies and courier services in order to supply repair and replacement part services, and we will share your contact and address details with them in line with Road Tech providing service to you.

We will also share your details with the ICO. If you are using us as a service provider, we are obliged, if requested, to share this with the ICO.

Data classes we are legally required to collect

Where data is collected to satisfy a legal requirement, such as financial records, the controller will be obliged to keep the data for a set minimum period. The “data subject” has the right of access, and the right to request rectification where they think there is an error. The data subject may have additional rights outside of the GDPR, granted by the law requiring the data to be kept, for example to receive statements of account and copy invoices.

Where we store your personal data

Gated private grounds.

We follow accepted ISO standards to store and protect the personal data we collect, including the use of encryption if appropriate.

Our server rooms are protected by access control and 24-hour CCTV, and we also have security personnel with patrol dogs in some periods out of normal working hours.

The environment is controlled with dual air conditioning units with temperature sensors, and a fully maintained fire detection and suppressant system. The server rooms are integrity tested yearly.

We also have Level 1 lightning protection with ESP (Electrical Surge Protection).

We employ server grade machines with SSD and dual power supplies where applicable.

Our site has a utility power supply, with server room power fed from N+1 UPS systems with battery extended runtime, backed by a generator with external extended fuel tanks. We also run regular on-load testing with simulated mains failure in order to test our systems. We also have the ability to use portable power generation.

Our servers are monitored 24/7/365 by a trained team of our in-house engineers and system specialists, using automated checks and remote alerts.

All information you provide to us is stored on our secured servers within the EEA. As the transmission of information via the internet (for example, email) is not completely secure, we cannot guarantee the security of your data transmitted to our site and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. Where we have given you a password or where you have chosen a replacement which enables you to access certain parts of our website, you are responsible for keeping the password confidential. We ask you not to share a password with anyone, ever.

Data within Road Tech SaaS applications fronted by HTML sites is stored in a highly available system. This utilises a crash-resistant database system from a leading supplier, sitting on a RAID system, ensuring redundant disks are in place to recover from lost storage media. Hardware is sourced from the leading server manufacturer and is highly resilient. Data is replicated in real time using DRBD to storage in separate data centres, utilising separate power supply, buildings, backup generators and UPS systems. This allows for sub-second failover on loss of server, power, or entire data centre structure.

Point-in-time recovery is taken from replicated databases snapshotted using ‘Copy on Write’ archives taken daily, copied onto tape, and stored in a fireproof safe.

The Infrastructure Team run regular penetration testing - security scanning - using state of the art vulnerability scanning software in order to protect our networks.

Data Breaches

In the event of a data breach, we will use the contact details that were provided at point of sign-up, unless other arrangements have been made.

Contacting us

If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site, please contact us at: